python/jc
1
0
Fork 0
mirror of https://github.com/kellyjonbrazil/jc.git synced 2025-07-13 01:20:24 +02:00
Code Issues Releases Activity

doc update

Browse Source
This commit is contained in:
Kelly Brazil
2022-08-14 12:11:31 -07:00
parent 20982ab1a6
commit 0cd471dfb2
2 changed files with 12 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
docs/parsers/syslog.md
View File

@ -5,6 +5,9 @@
jc - JSON Convert Syslog RFC 5424 string parser jc - JSON Convert Syslog RFC 5424 string parser
This parser accepts a single syslog line string or multiple syslog lines
separated by newlines.
The `timestamp_epoch` calculated timestamp field is naive. (i.e. based on The `timestamp_epoch` calculated timestamp field is naive. (i.e. based on
the local time of the system the parser is run on) the local time of the system the parser is run on)
@ -13,16 +16,12 @@ is only available if the timezone field is UTC.
Usage (cli): Usage (cli):
$ syslogstring | jc --syslog $ echo <165>1 2003-08-24T05:14:15.000003-07:00 192.0.2... | jc --syslog
or
$ jc syslog-5424
Usage (module): Usage (module):
import jc import jc
result = jc.parse('syslog', syslog_command_output) result = jc.parse('syslog', syslog_string)
Schema: Schema:
Blank values converted to `null`/`None` Blank values converted to `null`/`None`
@ -97,7 +96,7 @@ Examples:
"appname": "evntslog", "appname": "evntslog",
"proc_id": null, "proc_id": null,
"msg_id": "ID47", "msg_id": "ID47",
"structured_data": "[exampleSDID@32473 iut=\"3\" eventSource=\...", "structured_data": "[exampleSDID@32473 iut=\\"3\\" eventSource...",
"message": "unauthorized attempt" "message": "unauthorized attempt"
} }
] ]

13
jc/parsers/syslog.py
View File

@ -1,5 +1,8 @@
"""jc - JSON Convert Syslog RFC 5424 string parser """jc - JSON Convert Syslog RFC 5424 string parser
This parser accepts a single syslog line string or multiple syslog lines
separated by newlines.
The `timestamp_epoch` calculated timestamp field is naive. (i.e. based on The `timestamp_epoch` calculated timestamp field is naive. (i.e. based on
the local time of the system the parser is run on) the local time of the system the parser is run on)
@ -8,16 +11,12 @@ is only available if the timezone field is UTC.
Usage (cli): Usage (cli):
$ syslogstring | jc --syslog $ echo <165>1 2003-08-24T05:14:15.000003-07:00 192.0.2... | jc --syslog
or
$ jc syslog-5424
Usage (module): Usage (module):
import jc import jc
result = jc.parse('syslog', syslog_command_output) result = jc.parse('syslog', syslog_string)
Schema: Schema:
Blank values converted to `null`/`None` Blank values converted to `null`/`None`
@ -92,7 +91,7 @@ Examples:
"appname": "evntslog", "appname": "evntslog",
"proc_id": null, "proc_id": null,
"msg_id": "ID47", "msg_id": "ID47",
"structured_data": "[exampleSDID@32473 iut=\"3\" eventSource=\...", "structured_data": "[exampleSDID@32473 iut=\\"3\\" eventSource...",
"message": "unauthorized attempt" "message": "unauthorized attempt"
} }
] ]